Description

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Consequences

Authentication: As passwords age, the probability that they are compromised grows.

Exposure period

Design: Support for password aging mechanisms must be added in the design phase of development.

Platform

Languages: All

Operating platforms: All

Required resources

Any

Severity

Medium

Likelihood of exploit

Very Low

Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.

Risk Factors

TBD

Examples

A common example is not having a system to terminate old employee accounts.

Not having a system for enforcing the changing of passwords every certain period.